Levels of Encryption
You can use SET ENCRYPTION PASSWORD with encryption and decryption functions to support these granularities of encryption in the database.
- Column-Level Encryption: All values in a given column of a database table are encrypted using the same password, the same encryption algorithm, and the same encryption mode. (In this case, you can save disk space by storing the hint outside the encrypted column, rather than repeating it in every row.)
- Cell-Level Encryption: Values of a given column in different
rows of the same database table are encrypted using different passwords,
or different encryption algorithms, or different encryption modes.
This technique is sometimes necessary to protect personal data. (Row-column
level encryption and set-column level encryption are both
synonyms for cell-level encryption.)
Cell-level encryption can cause substantial maintenance costs. If you implement this level of encryption, your application is responsible for determining which rows contain encrypted data and for using the correct code to handle the data. The built-in decryption functions of HCL OneDB™ fail with error -26005 if they are applied to unencrypted data. The simplest way to avoid this error is to use column-level encryption rather than cell-level encryption.
If you do not use encryption functions, people might enter unencrypted data into columns that are meant to contain encrypted data. To ensure that data entered into a field is always encrypted, use views and INSTEAD OF triggers.